Critical Bug Found In WordPress Plugin For Elementor With Over A Million Installations

 


A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites.

The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts.

"This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack," Patchstack said in a report. "This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed."

That said, the vulnerability only exists if widgets like dynamic gallery and product gallery are used, which utilize the vulnerable function, resulting in local file inclusion – an attack technique in which a web application is tricked into exposing or running arbitrary files on the webserver.

The flaw impacts all versions of the addon from 5.0.4 and below, and credited with discovering the vulnerability is researcher Wai Yan Myo Thet. Following responsible disclosure, the security hole was finally plugged in version 5.0.5 released on January 28 "after several insufficient patches."

The development comes weeks after it emerged that unidentified actors tampered with dozens of WordPress themes and plugins hosted on a developer's website to inject a backdoor with the goal of infecting further sites.

More articles


  1. Hack Tools For Games
  2. Hack Tools For Mac
  3. Hacker Tools Apk Download
  4. Hacking Tools Free Download
  5. Pentest Tools For Windows
  6. Game Hacking
  7. Hacking Tools For Mac
  8. Hacking Tools 2019
  9. Hack Apps
  10. Termux Hacking Tools 2019
  11. New Hacker Tools
  12. Pentest Tools Nmap
  13. Hack Tools Online
  14. Pentest Tools Subdomain
  15. Hacks And Tools
  16. Pentest Tools Bluekeep
  17. Hackers Toolbox
  18. Pentest Tools Port Scanner
  19. Hacker Tools For Pc
  20. Bluetooth Hacking Tools Kali
  21. New Hacker Tools
  22. Hacker Tools For Windows
  23. Pentest Tools Open Source
  24. Pentest Tools Url Fuzzer
  25. Hacking Tools For Windows
  26. Hacking Tools Kit
  27. What Is Hacking Tools
  28. Hacking Tools Windows
  29. Physical Pentest Tools
  30. Hacker
  31. Hack Tools For Mac
  32. Hacker Security Tools
  33. Computer Hacker
  34. Hacking Tools For Kali Linux
  35. Hacks And Tools
  36. Hacking Tools 2020
  37. Hacking Tools For Kali Linux
  38. Hacking Tools Mac
  39. Hacker Tools Apk
  40. Hacker Tool Kit
  41. Hack Tools Download
  42. Pentest Tools For Android
  43. Beginner Hacker Tools
  44. New Hacker Tools
  45. Game Hacking
  46. Termux Hacking Tools 2019
  47. Hack Tools Download
  48. Top Pentest Tools
  49. Pentest Tools Nmap
  50. Pentest Tools Review
  51. Hacks And Tools
  52. Hacker Tools Hardware
  53. Hacking Tools For Games
  54. Hacker Tools 2019
  55. Hack Apps
  56. How To Install Pentest Tools In Ubuntu
  57. How To Make Hacking Tools
  58. Install Pentest Tools Ubuntu
  59. Growth Hacker Tools
  60. Hacking Apps
  61. Github Hacking Tools
  62. Pentest Tools For Ubuntu
  63. Hacker Tools Mac
  64. Pentest Tools Url Fuzzer
  65. Nsa Hack Tools Download
  66. Hacking App
  67. Tools Used For Hacking
  68. Pentest Tools List
  69. Pentest Tools Find Subdomains
  70. Hacking Tools Github
  71. Computer Hacker
  72. Hacking Tools For Kali Linux
  73. Pentest Tools Android
  74. World No 1 Hacker Software
  75. Computer Hacker
  76. Beginner Hacker Tools
  77. Hack Tools For Pc
  78. Hacking Tools Mac
  79. Pentest Tools
  80. Hack Tools Github
  81. Hacks And Tools
  82. Hacking Tools Kit
  83. Pentest Tools Website Vulnerability
  84. Pentest Tools Download
  85. Pentest Tools Apk
  86. Pentest Tools Url Fuzzer
  87. Hack Tools For Pc
  88. Hacker Tools For Pc
  89. Pentest Tools Linux
  90. Pentest Tools
  91. Underground Hacker Sites
  92. Hacking Tools For Pc
  93. Hack Tools
  94. Hacks And Tools
  95. Hacking Tools Download
  96. Pentest Tools Find Subdomains
  97. Termux Hacking Tools 2019
  98. Hack Tools Mac
  99. Pentest Automation Tools
  100. Hack Tools Pc
  101. Hack Tools For Ubuntu
  102. Pentest Tools Github
  103. Hack Tools For Ubuntu
  104. Hacker Tools Free
  105. Hacking Tools Pc
  106. Pentest Tools Windows
  107. Pentest Reporting Tools
  108. Hack Tools For Ubuntu
  109. Game Hacking
Posted by

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)